diff -urp john-1.7.6-jumbo-3/src/KRB5_fmt.c john-1.7.6/src/KRB5_fmt.c --- john-1.7.6-jumbo-3/src/KRB5_fmt.c 2009-09-22 21:03:43 +0000 +++ john-1.7.6/src/KRB5_fmt.c 2010-06-24 16:40:17 +0000 @@ -105,7 +105,7 @@ krb5_key *krb5key = &_krb5key; /** * hex2bin // {{{ */ -static void hex2bin(char *src, unsigned char *dst, int outsize) { +static char hex2bin(char *src, unsigned char *dst, int outsize) { char *p, *pe; unsigned char *q, *qe, ch, cl; @@ -118,14 +118,15 @@ static void hex2bin(char *src, unsigned if ((ch >= '0') && (ch <= '9')) ch -= '0'; else if ((ch >= 'a') && (ch <= 'f')) ch -= 'a' - 10; - else return; + else return p[0]; if ((cl >= '0') && (cl <= '9')) cl -= '0'; else if ((cl >= 'a') && (cl <= 'f')) cl -= 'a' - 10; - else return; + else return p[1]; *q++ = (ch << 4) | cl; } + return 0; } // }}} 
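Review bot: The new error returns in hex2bin (`return p[0];` and `return p[1];`) hand back the offending byte, so a NUL in that position yields 0, the same value as the success path's `return 0;`. If cl is read from p[1], as the return suggests, a hex field that ends after an odd number of digits would be reported as decoded. A fixed status avoids this: declare `static int hex2bin(char *src, unsigned char *dst, int outsize)` in the first hunk and use `else return -1;` in both branches, which the caller's `if (hex2bin(...)) return NULL;` already handles. The loop header is outside these hunks, so it is not visible whether input shorter than `outsize` bytes is rejected. If it is not, and qe marks the end of dst, ending with `return (q == qe) ? 0 : -1;` would make a truncated TGT fail validation.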
@@ -166,51 +167,55 @@ int krb5_decrypt_compare() { // }}} /** - * int krb5_valid // {{{ + * void * krb5_salt // {{{ * */ -static int krb5_valid(char *ciphertext) { - - if (strncmp(ciphertext, MAGIC_PREFIX, strlen(MAGIC_PREFIX)) != 0) - return 0; - - return 1; +static void * krb5_salt(char *ciphertext) { + static struct salt salt; + char *data = ciphertext, *p; + int n; + + // advance past the $krb5$ string - it was checked for in valid() + data += strlen(MAGIC_PREFIX); + + // find and copy the user field + p = strchr(data, '$'); + if (!p) + return NULL; + n = (p - data) + 1; + if (n >= sizeof(salt.user)) + return NULL; + strnzcpy(salt.user, data, n); + data = p + 1; + + // find and copy the realm field + p = strchr(data, '$'); + if (!p) + return NULL; + n = (p - data) + 1; + if (n >= sizeof(salt.realm)) + return NULL; + strnzcpy(salt.realm, data, n); + data = p + 1; + + // copy over the TGT in a binary form to the salt struct + if (hex2bin(data, (unsigned char *) salt.tgt_ebin, TGT_SIZE)) + return NULL; + + return &salt; } // }}} /** - * void * krb5_salt // {{{ + * int krb5_valid // {{{ * */ -static void * krb5_salt(char *ciphertext) { - - struct salt *salt = NULL; - char *data = ciphertext, *p; +static int krb5_valid(char *ciphertext) { - // check the presence of $krb5$ - if (strncmp(data, MAGIC_PREFIX, strlen(MAGIC_PREFIX)) == 0) { - // advance past the $krb5$ string - data += strlen(MAGIC_PREFIX); - - // allocate memory for the struct - salt = malloc(sizeof(struct salt)); - if (salt == NULL) - return NULL; - - // find and copy the user field - p = strchr(data, '$'); - strnzcpy(salt->user, data, (p - data) + 1); - data = p + 1; - - // find and copy the realm field - p = strchr(data, '$'); - strnzcpy(salt->realm, data, (p - data) + 1); - data = p + 1; - - // copy over the TGT in a binary form to the salt struct - hex2bin(data, (unsigned char *) salt->tgt_ebin, TGT_SIZE); - } - return salt; + if (strncmp(ciphertext, MAGIC_PREFIX, strlen(MAGIC_PREFIX)) != 0) + 
return 0; + + return krb5_salt(ciphertext) ? 1 : 0; } // }}} diff -urp john-1.7.6-jumbo-3/src/KRB5_std.c john-1.7.6/src/KRB5_std.c --- john-1.7.6-jumbo-3/src/KRB5_std.c 2009-10-29 03:53:54 +0000 +++ john-1.7.6/src/KRB5_std.c 2010-06-24 17:44:41 +0000 @@ -280,7 +280,8 @@ void str2key(char *user, char *realm, ch // derive key from key derive_key(derive_const, sizeof(derive_const), krb5key); - + + free(text); } // }}}
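Review bot: krb5_salt now parses into a function-static `struct salt` that is never cleared, and krb5_valid calls it as well, so every validation overwrites the buffer that an earlier krb5_salt result still points to. Unless strnzcpy pads its destination, bytes from a previous, longer user or realm remain after the terminator, and `tgt_ebin` can keep old data when hex2bin stops early. If salts are compared or hashed bytewise over the whole struct (not visible here), identical salts could then differ, so `memset(&salt, 0, sizeof(salt));` before the parsing would make the result canonical. A comment such as `// returns static storage, overwritten by the next krb5_salt() or krb5_valid() call` would document the new lifetime. Declaring `n` as `size_t` would also make the `n >= sizeof(salt.user)` comparisons free of the signed/unsigned mix.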